I'm following The Security Tube’s video here.
He overviews buffer overflows, and mentions how memory is executed from highest to lowest in the stack (at least with his implementation I assume). So we ...

I've come to find Full Disk Encryption to be a rather unsafe method of securing data as standardized tools are becoming available to just read out the encryption key from RAM, where the system needs ...

I was reading a paper and saw this piece of code has an information leakage vulnerability. It was saying the following code will leak memory layout information to the attackers.
Could somebody please ...

Can I safely assume that my RAM never can be accessed by another user on e.g. EC2 or Digital Ocean, if we suppose that I trust my provider and we don't consider possible bugs (such as Heartbleed) in ...

I have an option in my application which sends an invitation email to another user.
Some days ago, one of my friends told me that an attacker can flood any email using this function. And I have checked that ...

I might at some point invite another person into my software project. I don't mind sharing the code but the data I use is very sensitive. Once he gets hands on both pieces I won't see him again (if ...

I recall seeing, upon release of Windows 8 a while ago, that a number of new mitigations and memory protections had been put in place, but I'm unsure if these are the same protections offered by EMET. ...

I am currently writing a thesis about digital forensics which includes a chapter about memory forensics.
Besides the tools and the methods of acquiring various data with them,
I am kind of desperate ...

I need to evaluate the security of a cryptographic library. In particular I am targeting a part of the library where I believe the private key is exposed for a limited time in the RAM. Any ideas or ...

AFAIK, our current disk encryption methods (dm-crypt) preserve the key (as well as decrypted data) in RAM while the computer is running with an implicit assumption that the memory is volatile and key ...

Can someone pls explain how I can fix the following valgrind error on fread? I tried doing if (fread(valueCon, 1, intCount, f) == intCount){ then execute}; but that does not seem to change anything. ...

I am using the Pyro package to create a daemon which will, upon startup, prompt for a password, and then the daemon will store that password as long as it is running. Other scripts will then make a ...

I know there have been questions on this in the past but they all seem quite outdated, or not that specifically relevant.
I need to use a 1394 (FireWire) connection; however, I am concerned with possible ...

Our institution requires disc encryption on laptops, but I'm uneasy about using full disc encryption without SECDED ECC DRAM.
Is it safe to use full disc encryption on laptops with unreliable memory?
...

I'm about to get rid of an older scanner and I want to make sure that no one is able to acquire any sensitive information that was scanned previously with the machine. I assume it does have some kind ...

Based on this IE zero day, I'm interested in listing all DLLs in our systems that have been compiled to not work with ASLR.
Ideally, I'd like to analyze a static file and not load it into memory to ...

I was listening to a talk on Return Oriented Exploitation from the Black Hat 2010 conference. The speaker mentioned something about using the DLLs to exploit some of the memory corruption issues.
I ...

I am using Volatility Framework 2.2 to analyze a Linux memory dump.
This memory dump was taken from an Ubuntu 12.04 LTS x86_64 machine with the kernel version 3.5.0-23.
I have the profile for it and ...

I am practicing Linux buffer overflow exploitation. When trying to exploit a vulnerability in crossfire, everything works well and I get the shellcode placed in the right place, and the program flow ...

Lately I've been thinking to get rid of some old smartphones; among them an Android device and a Blackberry. Not selling or recycling them is the ideal solution, however, I still would like to know ...

I am learning about return to system call attacks for a security class. I understand that in this kind of attack, attackers replace the standard return value for a stack frame with the address of a ...